Ignore SSL Certificate in a Servlet

后端 未结 3 1130
忘掉有多难
忘掉有多难 2021-02-19 04:21

I am getting the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro         


        
相关标签:
3条回答
  • 2021-02-19 04:23

    Is the website certificate issued by a private/company-owned CA or is it a self-signed?

    ... new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() ...
    
    • Trustore is null:
      Did you try to load a keystore/file containing the trusted CAs + their chains?
    • isTrusted always returning "true":
      You're overriding the standard JSSE certificate verification process and trusting all, so no security at all.
    • That exception: means that the certificate verification failed. RootCA, or the whole CA-chain is missing.

    So it seems like Tomcat ignored your SSLContext. Used like that, the sslContext is useless anyway. Debugging results? JVM SSL settings? Exception stack trace?

    0 讨论(0)
  • 2021-02-19 04:26

    You have developed one servlet. Right? It is nothing but a web page. If you want SSL enabled webpage then you must purchase SSL certificate after that install that certificate. If you don't have that certificate then do use above mentioned codes. Above mentioned codes is appropriate for all security issues.

    You have to buy the SSL/TSL certificate from companies like Verisign and Thawte.

    0 讨论(0)
  • 2021-02-19 04:49

    Try the following code.

    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.X509TrustManager;
    
    public class DummyX509TrustManager implements X509TrustManager {
    
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    
        @Override
        public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
                throws CertificateException {
        }
    
        @Override
        public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
                throws CertificateException {
        }
    };
    
    
    final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() };
    try {
        SSLContext sslContext= SSLContext.getInstance("SSL"); 
        sslContext.init(null, trustAllCerts, null);
    
        CloseableHttpClient client = HttpClients.custom()
            .setRedirectStrategy(new LaxRedirectStrategy()) 
            .setSslcontext(sslContext)   
            .setConnectionManager(connMgr)
            .build();
    } catch (KeyManagementException e) {
        throw new IOException(e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        throw new IOException(e.getMessage());
    }
    
    0 讨论(0)
提交回复
热议问题